Table 1. Key system types Entry
Physical key Physical key with RFID immobilizer Keyless entry with RFID immobilizer Passive Keyless Entry and Start (PKES)
Physical key Physical key Remote active (press button) Remote passive
Physical key Physical key + RFID Physical key + RFID Remote passive
the need for the attacker to get close to the establish a relay. Still, the relay device at
key in order the car side
our setup should be close to the car (≤ 30 cm).
both wired and wireless physical-layer relay setups with dif- ferent antennas and amplifiers. The cost of our relay setups is between 100 and 1000 USD, depending on the choice of components. This shows that relay attacks on PKES sys- tems are both inexpensive and practical. lthough the pos- sibility of such attacks on PKES systems has been discussed in the open literature , it was not clear if these attacks are
feasible on modern cars; in this paper, we demonstrate these attacks are both feasible and practical.
Besides demonstrating relay attacks on PKES systems, we further analyze critical time characteristics of these sys- tems and discuss the results. We also propose simple coun- termeasures that can be immediately deployed by the car owners in order to minimize the risk of relay attacks; how- ever, these countermeasures also disable the operation of the PKES systems. Finally, we review recent solutions against relay attacks and discuss their effectiveness and appropri- ateness for car PKES systems.
We note that the main reason why relay attacks are pos- sible on PKES systems is that, to open and start the car, in- stead of verifying that the correct key is in its physical prox- imity, the car verifies if it can communicate with the correct key, assuming that the ability to communicate (i.e., com- munication neighborhood) implies proximity (i.e., physical neighborhood). This is only true for non-adversarial set- tings. In adversarial settings communication neighborhood cannot be taken as a proof of physical proximity. Given this, any secure PKES system needs to enable the car and the key to securely verify their physical proximity. This is only natural since the car should open only when the legit- imate user (holding the key) is physically close to the car. We outline a new PKES system, based on distance bound- ing, that achieves this goal, and preserves user convenience for which PKES systems were initially introduced. We note that relay attacks have been similarly used in other scenar- ios, e.g., in  as mafia-fraud attacks, in  as wormhole attacks. Similarly, the relationship between secure commu- nication and physical neighborhood notions has been previ- ously studied in [34, 36, 40].
The rest of the paper is organized as follows. In Sec- tion 2 we first describe the evolution of car key systems
from physical keys to Passive Keyless Entry Systems. In Section 3 we describe the design and implementation of our wired and wireless physical-layer relay attacks. Section 4 presents the results of the experiments we conducted on 10 different PKES models. Section 5 describes the conse- quences and implications of these attacks, countermeasures are presented in Section 6 and related work is discussed in Section 7.
2 Car Entry Systems
Car key systems have passed through several genera- tions, evolving from the simple physical keys to more so- phisticated keyless entry systems. Table 1 presents the ex- isting key systems in cars.
2.1 Remote Open and Close
Physical keys were enhanced with capabilities for re- mote opening and closing the car for convenience. Such keys have a button on the key fob to open or close the car remotely. This functionality usually requires the presence of a battery and relies on UHF (315 or 433 MHz) commu- nication. The communication is energy efficient in order to save key battery life with typical transmission range from 10 to 100 meters.
2.2 Keys with Immobilizers
In a key with an immobilizer (also known as transpon- der key), RFID chips are embedded in the key bow. When the key blade is inserted in the ignition lock, the RFID tag will be queried by the car to verify if the key is authorized. These immobilizer systems are designed to prevent physi- cally coping the key as well as stealing the car by bypassing the lock. Only a key with a previously paired RFID tag would be authorized to start the engine. The RFID technol- ogy involved typically relies on LF technology (from 120 to 135 KHz). It can operate in both passive and active modes depending on the scenario. The active mode of operation is commonly used with PKES (see Section 2.3).
In the passive mode of operation, the RFID tag in the key is powered by the car via inductive coupling before sending a challenge to the key. With the power transferred from the